CORBA and CORBA Security - PowerPoint PPT Presentation

1
CORBA and CORBA Security
  • August Mayer, Graduate Project 2001
  • http://corbasec.n3.net

2
Contents
  • CORBA
  • Introduction
  • History
  • Products
  • Concepts
  • Programming
  • CORBA Security
  • Introduction, History
  • Products
  • Concepts
  • Programming

3
CORBA What?
  • Common Object Request Broker Architecture
  • Facility for interaction between objects
  • on different machines
  • concurrent execution
  • Object model derived from OMA
  • Object Management Architecture abstract

4
CORBA History
  • OMG: Object Management Group
  • founded in 1989 by a group of companies,
    organizations and academia including
    Hewlett-Packard, Sun, Canon
  • CORBA Specifications published:
  • 1.1: 1991
  • 2.0: Dec. 1994
  • 2.4.2: current version (July 2001)

5
CORBA Products (1/2)
  • Iona Orbix, Orbacus
  • OrbixWeb for Java
  • new version Orbix2000
  • Orbacus previously ObjectBroker, by OOC
  • Inprise/Borland VisiBroker
  • a version built into Netscape 4.x Browser!
  • IBM Component Broker
  • part of WebSphere Application Server
  • etc.

6
CORBA Products (2/2)
  • free ORBs:
  • MICO: MICO Is CORBA
  • Univ. Frankfurt; GPL
  • JacORB
  • Freie Univ. Berlin; LGPL
  • TAO: The ACE ORB
  • Washington Univ. in St. Louis
  • ORBit
  • for GNOME desktop environment; GPL/LGPL

7
CORBA Basic model (1/2)
  • ORB: Object Request Broker
  • relies on Object Services
  • relies on Common Facilities

8
CORBA The ORB
  • central facility that ties all together
  • minimal functionality for location-, language-
    and platform-independent communication
  • functions
  • initial access to services, creating basic
    objects, basic data types etc.
  • ORB.resolve_initial_references(..)
  • ORB.string_to_object(..), ORB.object_to_string(..)

9
CORBA Services
  • provide basic services / functionalities
  • currently specified (official)

  • Collection Service
  • Persistent Object Service
  • Concurrency Service
  • Property Service
  • Event Service
  • Query Service
  • Externalization Service
  • Relationship Service
  • Naming Service
  • Security Service
  • Licensing Service
  • Time Service
  • Life Cycle Service
  • Trading Object Service
  • Notification Service
  • Transaction Service

10
CORBA Facilities
  • provide services on a higher level
  • end-user oriented
  • applicable to multiple domains
  • currently specified (officially)
  • Time and Internationalization
  • Mobile Agent Facility

11
CORBA Programming?
  • write IDL (Interface Definition Language)
  • compile IDL
  • add object implementations
  • add main programs for server, client

12
CORBA IDL (1/3)
  • Interface Description Language
  • describes only the interfaces
  • system independent
  • syntax resembles C/C++/Java
  • like C header files, interface in Pascal

13
CORBA IDL (2/3)
  • compiled by IDL compiler
  • result: stub, skeleton in target language
  • Stub for client
  • imposter of the server object
  • forwards method calls etc. to remote machine, if
    necessary
  • Skeleton
  • basis for object implementation
  • enables methods etc. to be also called from e.g.
    a remote machine

14
CORBA IDL (3/3)
  • Example

// this defines the AddressBook module
module AddressBook {
    interface Person {
        attribute string name;
        string sendEMail(in string fromWhom);
    };
};

15
CORBA Object Implementation
  • need to implement the methods and attribute
    accessors defined in IDL
  • ImplBase method
  • implementor creates class derived from generated
    base class
  • Tie method
  • implementor creates own class, attaches to the
    system with a generated Tie class

16
CORBA client, server main programs
  • create, initialize ORB and BOA
  • ORB: Object Request Broker
  • BOA: Basic Object Adapter
  • basic object, often product-dependent
  • register object
  • in Name service directory of CORBA objects
  • in Implementation repository (Iona Orbix)
  • server: start server loop
  • C/C++: dispose of object

17
CORBA CORBA Security
  • Questions about CORBA?

18
CORBA Security (1/3)
  • Current version: 1.7 (March 2001)
  • Initial version: 1.1 (Dec. 1997)
  • is a CORBA service
  • has IDL descriptions
  • but needs special provisions (in ORB etc.)

19
CORBA Security (2/3)
  • provides functions to secure the object
    interactions
  • confidentiality
  • e.g. encryption of method invocations, authentication
    of users and services
  • integrity
  • accountability
  • e.g. logging / auditing

20
CORBA Security (3/3)
  • Services provided
  • identification and authentication of principals
  • authorization, access control
  • security auditing
  • security of communications (e.g. link encryption)
  • administration of security information
  • and, optionally, non-repudiation.

21
CORBA Sec. Products
  • MICOsec
  • by ObjectSecurity, for MICO
  • ORBasec
  • by Adiron, for Iona Orbacus
  • Iona Orbix2000
  • Inprise Security Service
  • and others (IBM, ...)

22
CORBA Sec. Concepts (1/2)
  • Principal
  • represents user or service in system
  • like in Kerberos
  • Current
  • Spec. state information for a given service and
    execution environment
  • i.e. the current thread's parameters for securely
    communicating with a specific service
  • the only interface that is accessible in Level 1

23
CORBA Sec. Concepts (2/2)
  • Credentials, Delegation
  • represents credentials for a given principal
  • e.g. privileges, identity attributes
  • Authentication
  • a principal establishing its credentials
  • Security mechanism
  • concrete method of obtaining security
  • e.g. Kerberos, SSL

24
CORBA Sec. Programming (1/3)
  • Security Levels
  • Level 1: from outside
  • application can only query current status
  • Java: org.omg.SecurityLevel1.
  • Level 2: security set up by application
  • all APIs accessible
  • Java: org.omg.SecurityLevel2.

25
CORBA Sec. Programming (2/3)
  • Security API structure
  • org.omg.Security: common data types
  • org.omg.SecurityLevel1: for Level-1 apps
  • org.omg.SecurityLevel2: for Level-2 apps
  • org.omg.SecurityAdmin
  • querying, modifying security policies
  • org.omg.NRService
  • optional non-repudiation features
  • org.omg.SecurityReplaceable
  • for different implementations of the Security
    services
  • protocol-specific packages: SECIOP, SSLIOP, ...

26
CORBA Sec. Programming (3/3)
  • Initial references
  • PrincipalAuthenticator
  • authenticate(...), continue_authentication(...)
  • SecurityCurrent
  • SecurityManager
  • Security Attributes, Policies
  • Attributes: which security options are allowed,
    required (e.g. Confidentiality, Integrity, ...)
  • Policies: which Credentials, Mechanism to use if
    several are available
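
Added example (not part of the original slides): a Python check that decodes a stringified object reference, as returned by ORB.object_to_string(..), and reports which security options its SSLIOP component marks as allowed (supported) and required. The tag numbers and option bits are taken from the OMG IIOP/SSLIOP and Security IDL definitions rather than from the slides; the host name orb.example, the object key and the sample IOR are constructed for illustration.

```python
TAG_INTERNET_IOP, TAG_SSL_SEC_TRANS = 0, 20   # IIOP profile tag, SSLIOP component tag
OPTIONS = {1: "NoProtection", 2: "Integrity", 4: "Confidentiality", 8: "DetectReplay",
           16: "DetectMisordering", 32: "EstablishTrustInTarget",
           64: "EstablishTrustInClient"}      # Security::AssociationOptions bits

class Cdr:   # reader for one CDR encapsulation; first octet is the byte-order flag
    def __init__(self, data):
        self.buf, self.pos = data, 1
        self.order = "little" if data[:1] == b"\x01" else "big"
    def raw(self, n, align=1):
        self.pos += -self.pos % align         # primitives align to their own size
        if self.pos + n > len(self.buf):
            raise ValueError("truncated IOR")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def num(self, size):
        return int.from_bytes(self.raw(size, size), self.order)
    def octets(self):                         # sequence<octet>; strings share the layout
        return self.raw(self.num(4))

def names(mask):
    return sorted(name for bit, name in OPTIONS.items() if mask & bit)

def ssl_components(ior):
    """Return host, ports and supported/required options per SSLIOP component."""
    top = Cdr(bytes.fromhex(ior.removeprefix("IOR:")))
    top.octets()                              # repository id, not needed here
    found = []
    for _ in range(top.num(4)):
        tag, body = top.num(4), top.octets()
        if tag != TAG_INTERNET_IOP:
            continue
        prof = Cdr(body)
        version = (prof.num(1), prof.num(1))
        host, plain_port = prof.octets().rstrip(b"\0").decode("ascii"), prof.num(2)
        prof.octets()                         # object key
        for _ in range(prof.num(4) if version >= (1, 1) else 0):
            ctag, cbody = prof.num(4), prof.octets()
            if ctag == TAG_SSL_SEC_TRANS:
                c = Cdr(cbody)
                sup, req, port = (c.num(2) for _ in range(3))
                found.append({"host": host, "plain_port": plain_port, "ssl_port": port,
                              "supports": names(sup), "requires": names(req)})
    return found

# Constructed sample (not from a real ORB): supports 0x66, requires 0x26, SSL port 2810
PROFILE_HEX = ("00010100" "0000000c" + b"orb.example\0".hex() + "0000" "0000" "00000004"
               + b"pers".hex() + "00000001" "00000014" "00000008" "0000006600260afa")
SAMPLE_IOR = ("IOR:00000000" "0000001b" + b"IDL:AddressBook/Person:1.0\0".hex() + "00"
              "00000001" "00000000" "00000034" + PROFILE_HEX)
```

An empty result from ssl_components(..), or a "requires" list without Confidentiality and Integrity, means the reference does not oblige clients to protect the invocation.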

27
Thanks!
  • Questions?
  • References
  • http://www.omg.org: The Object Management Group
  • http://corbasec.n3.net: The project documentation
    page